package com.ben.multiple.shiro;

import com.ben.multiple.shiro.cache.AuthenticationTokenCache;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.servlet.Filter;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.mgt.WebSecurityManager;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.springframework.aop.framework.autoproxy.DefaultAdvisorAutoProxyCreator;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

/**
 * @author Ben
 * @date 2021/1/31
 */
@Configuration
public class ShiroConfig {
    @Bean
    public WebSecurityManager webSecurityManager(AuthenticationTokenCache authenticationTokenCache) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        securityManager.setRealm(new CustomRealm(authenticationTokenCache));
        DefaultWebSessionManager webSessionManager = new DefaultWebSessionManager();
        // session 默认放在 cookie 中，禁用
        webSessionManager.setSessionIdCookieEnabled(false);
        // true : 重定向时，会在 url 上拼接上 sessionId
        webSessionManager.setSessionIdUrlRewritingEnabled(false);
        securityManager.setSessionManager(webSessionManager);
        return securityManager;
    }

    @Bean
    public ShiroFilterFactoryBean shiroFilterFactoryBean(WebSecurityManager webSecurityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(webSecurityManager);
        Map<String, Filter> filters = new HashMap<>(2);
        // 自定义过滤器
        filters.put("myAuth", new MyAuthenticationFilter());
        shiroFilterFactoryBean.setFilters(filters);
        Map<String, String> map = new LinkedHashMap<>(2);
        // 放行
        map.put("/login", "anon");
        // 使用自定义过滤器鉴权
        map.put("/**", "myAuth");
        shiroFilterFactoryBean.setFilterChainDefinitionMap(map);
        return shiroFilterFactoryBean;
    }

    // 支持注解鉴权

    @Bean
    @ConditionalOnMissingBean
    public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
        return new LifecycleBeanPostProcessor();
    }

    @Bean
    @ConditionalOnMissingBean
    public DefaultAdvisorAutoProxyCreator defaultAdvisorAutoProxyCreator() {
        DefaultAdvisorAutoProxyCreator creator = new DefaultAdvisorAutoProxyCreator();
        creator.setProxyTargetClass(true);
        return creator;
    }

    @Bean
    @ConditionalOnMissingBean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(WebSecurityManager webSecurityManager) {
        AuthorizationAttributeSourceAdvisor advisor = new AuthorizationAttributeSourceAdvisor();
        advisor.setSecurityManager(webSecurityManager);
        return advisor;
    }
}
